DETAILED ACTION

1. The office action is in reply to an amendment filed on 02/13/2007. Claims 1-5,
12, 23-25 have been amended. Claims 26-39 are added. Claims 1-39 are pending.

2. The examiner withdraws the 35 U.S.C. 101 rejection based on the applicant's
amendment.

Response to Arguments 

3. Applicant's arguments filed on 02/13/2007 have been fully considered but 
they are not persuasive. 

4. Regarding claims 1 and 12, the applicant argued that Sharma teaches authorized
network devices, not subsystems of a network element. The examiner disagrees and
points out that the claim limitation "subsystems of a network element" is a very broad term;
therefore the examiner interpreted the authorized network device as subsystems of a
network element. Further, the applicant points out "that the claimed approach recognizes
that the DHCP subsystems should be treated as inherently trusted", but the examiner
does not see that feature in claims 1 or 12.

5. Regarding claims 6-8, 10-11: the applicant argued that Sharma does not
suggest or teach "if the particular network address is not contained in the set, then
updating the ARP table based on the instruction; if the particular subsystem is not
authorized then performing the steps of determining whether a particular network
address indicated by the instruction is contained in a set of one or more specified
network; wherein the ARP table is updated only in response to instructions that are not
ARP messages; determining whether the particular subsystem is a Hypertext Transfer
Protocol (HTTP) server". The examiner disagrees and points out that Sharma teaches: if the
particular network address is not contained in the set, then updating the ARP table
based on the instruction (See Fig 5 step 504 and col 7 lines 1-9); if the particular
subsystem is not authorized then performing the steps of determining whether a
particular network address indicated by the instruction is contained in a set of one or
more specified network (See col 7 lines 1-9 and Fig 5 step 504); wherein the ARP table
is updated only in response to instructions that are not ARP messages (See col 3 lines
6-34); determining whether the particular subsystem is a Hypertext Transfer
Protocol (HTTP) server (See col 4 lines 22-51).

6. Regarding claim 12: the applicant also argued that Sharma does not suggest or
teach determining whether a particular network interface through which the instruction
was received is contained in a set of one or more specified network interfaces. The
examiner disagrees and points out that Sharma teaches determining whether a particular
network interface through which the instruction was received is contained in a set of one
or more specified network interfaces (See col 1 line 66 through col 2 line 30 and col 5
line 44 through col 6 line 10 (i.e., network device on a common subnet)).

7. Applicant's arguments with respect to claims 2-5 and 14-22 have been 
considered but are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 102

8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

9. Claims 1, 6-8, 10-13, 23-25, 30-32, 37-39 are rejected under 35 U.S.C. 102(e) as
being anticipated by Sharma et al. (hereinafter referred to as Sharma) US 6,754,716.

10. As per claims 1, 23-25: Sharma discloses a method/computer-readable
medium/apparatus of restricting Address Resolution Protocol (ARP) table updates to
updates originating from authorized subsystems, the method comprising: receiving an
instruction to update an ARP table (See Fig 6 step 602 and col 2 lines 39-43);
determining whether a particular subsystem within a network device from which the
instruction originated is authorized (See Fig 6 step 604 and col 3 lines 12-34, Fig 1 step
106); and if the particular subsystem is authorized (See Fig 6 step 604 and col 3 lines
12-34), then updating the ARP table based on the instruction (See Fig 6 step 606 and
col 2 lines 55-65 and col 7 lines 9-19).

11. As per claims 6, 30, 37: Sharma discloses the method further comprising: if the
particular subsystem is not authorized, then preventing the ARP table from being
updated based on the instruction (See Fig 5 step 504).

12. As per claims 7, 31, 38: Sharma discloses the method further comprising: if the
particular subsystem is not authorized, then performing the steps of: determining 
whether a particular network interface through which the instruction was received is 
contained in a set of one or more specified network interfaces (See col 5 line 44 
through col 6 line 10 and Fig 5 steps 502, 504); if the particular network interface is 
contained in the set, then preventing the ARP table from being updated based on the 
instruction (See Fig 5 step 504 and col 7 line 1-9); and if the particular network 
interface is not contained in the set, then updating the ARP table based on the 
instruction (See Fig 5 step 504 and col 7 line 1-9).

13. As per claims 8, 32, 39: Sharma discloses the method further
comprising: if the particular subsystem is not authorized, then performing
the steps of: determining whether a particular network address indicated by the
instruction is contained in a set of one or more specified network addresses (See col 5
line 44 through col 6 line 10 and Fig 5 steps 502, 504); if the particular network 
address is contained in the set, then preventing the ARP table from being updated 
based on the instruction (See Fig 5 step 504 and col 7 line 1-9); and if the particular 
network address is not contained in the set, then updating the ARP table based on the 
instruction(See Fig 5 step 504 and col 7 line 1-9). 

14. As per claim 10: the method wherein the ARP table is updated only in response
to instructions that are not ARP messages (See col 3 lines 6-34).

15. As per claim 11: the method wherein determining whether the particular system
is authorized comprises determining whether the particular subsystem is a
Hypertext Transfer Protocol (HTTP) server (See col 4 lines 22-51).

16. As per claim 12: Sharma discloses a method of restricting Address
Resolution Protocol (ARP) table updates to updates originating from authorized 
subsystems, the method comprising: receiving an instruction to update an ARP 
table(See Fig 6 step 602 and col 2 lines 39-43); determining whether a particular 
network interface through which the instruction was received is contained in a set of 
one or more specified network interfaces(See col 5 line 44 through col 6 
line 10); determining whether a particular network address indicated by 
the instruction is contained in a set of one or more specified network 
addresses(See Fig 6 step 604 and col 3 lines 12-34); if the particular network interface 
is not contained in the set of one or more specified network interfaces, and if the 
particular network address indicated by the instruction is not contained in the set of one 
or more specified network addresses, then updating the ARP table based on the 
instruction(See col 2 lines 55-65 and col 7 lines 1-9); and 
if the particular network interface is contained in the set of one or more specified 
network interfaces, or if the particular network address is contained in the set of one or
more specified network addresses, then performing steps comprising: 
determining whether a particular subsystem from which the instruction 
originated is authorized(See Fig 6 step 604 and col 3 lines 12-34); if the 
particular subsystem is authorized, then updating the ARP table based on the 
instruction (col 7 lines 9-15); and if the particular subsystem is not authorized, then
preventing the ARP table from being updated based on the instruction(See col 7 lines 
1-9). 

17. As per claim 13: Sharma discloses wherein receiving the instruction to update
the ARP table comprises receiving an ARP message that indicates an association
between a network layer address and a data link layer address (See Fig 2 step 200 and
Fig 6 step 606).

18. Claims 2-5, 26-29, 34-36 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Sharma et al. (hereinafter referred to as Sharma) US 6,754,716 in
view of Wilson (US Pub No 2001/0054101).

19. As per claims 2, 26, 33: Sharma discloses claim 1 as recited above. Sharma does
not disclose the particular subsystem is a Dynamic Host Configuration Protocol Server,
an Authentication, Authorization, and Accounting (AAA) server or a Network Address
Translator (NAT).

However, Wilson teaches the particular subsystem is a Dynamic Host
Configuration Protocol Server, an Authentication, Authorization, and Accounting (AAA)
server or a Network Address Translator (NAT) (See 0007 Fig 3 steps 314, 316).

Therefore it would have been obvious to a person having ordinary skill in the art
at the time the invention was made to modify the method disclosed by Sharma to
include a Dynamic Host Configuration Protocol Server, an Authentication,
Authorization, and Accounting (AAA) server or a Network Address Translator (NAT).

This modification would have been obvious because a person having ordinary
skill in the art would have been motivated to do so, as suggested by Sharma (See col 1
line 66 through col 2 line 3), in order to restrict communications between network devices
on a common subnet, such that any network device can be restricted to communicating
only with a predefined set of authorized or validated network devices.

20. As per claims 3, 27, 34: Sharma discloses claim 1 as recited above. Sharma does
not disclose the method wherein determining authorized comprises determining whether
a Dynamic Host Configuration Protocol (DHCP) server is authorized.

However, Wilson teaches the method wherein determining authorized comprises
determining whether a Dynamic Host Configuration Protocol (DHCP) server is
authorized (See 0007 Fig 3 steps 314, 316).

Therefore it would have been obvious to a person having ordinary skill in the art
at the time the invention was made to modify the method disclosed by Sharma to
include the method wherein determining authorized comprises determining whether a
Dynamic Host Configuration Protocol (DHCP) server is authorized.

This modification would have been obvious because a person having ordinary
skill in the art would have been motivated to do so, as suggested by Sharma (See col 1
line 66 through col 2 line 3), in order to restrict communications between network devices
on a common subnet, such that any network device can be restricted to communicating
only with a predefined set of authorized or validated network devices.

21. As per claims 4, 28, 35: Sharma discloses claim 1 as recited above. Sharma does
not disclose the method wherein determining whether the particular system is
authorized comprises determining whether the particular subsystem is a NAT server.

However, Wilson teaches the method wherein determining whether the particular
system is authorized comprises determining whether the particular subsystem is a NAT
server (See 0007 Fig 3 steps 314, 316).

Therefore it would have been obvious to a person having ordinary skill in the art
at the time the invention was made to modify the method disclosed by Sharma to
include determining whether the particular system is authorized comprises determining
whether the particular subsystem is a NAT server.

This modification would have been obvious because a person having ordinary
skill in the art would have been motivated to do so, as suggested by (See col 3 lines
16-19), in order to restrict communications between network devices on a common subnet,
such that any network device can be restricted to communicating only with a predefined
set of authorized or validated network devices.

22. As per claims 5, 29, 36: Sharma discloses claim 1 as recited above. Sharma does
not disclose the method wherein determining whether the particular system is
authorized comprises determining whether the particular subsystem is an authentication,
authorization, accounting (AAA) server.

However, Wilson teaches determining whether the particular system is authorized
comprises determining whether the particular subsystem is an authentication,
authorization, accounting (AAA) server (See 0007 Fig 3 steps 314, 316).

Therefore it would have been obvious to a person having ordinary skill in the art
at the time the invention was made to modify the method disclosed by Sharma to
include a Dynamic Host Configuration Protocol Server, an Authentication,
Authorization, and Accounting (AAA) server or a Network Address Translator (NAT).

This modification would have been obvious because a person having ordinary
skill in the art would have been motivated to do so, as suggested by Sharma (See col 1
line 66 through col 2 line 3), in order to restrict communications between network devices
on a common subnet, such that any network device can be restricted to communicating
only with a predefined set of authorized or validated network devices.

23. Claim 9 is rejected under 35 U.S.C. 103(a) as being unpatentable over Sharma
et al. (hereinafter referred to as Sharma) US 6,754,716 in view of Massarani (US 6,393,484
B1).

24. As per claim 9: Sharma discloses claim 1 as recited above. Sharma does not
disclose the method comprising determining whether a specified amount of time has
passed since a time indicated by a timestamp associated with an entry in the ARP table;
and if the specified amount of time has passed then removing the entry from the ARP
table.

However, Massarani teaches the method comprising determining whether a
specified amount of time has passed since a time indicated by a timestamp associated
with an entry in the ARP table; and if the specified amount of time has passed then
removing the entry from the ARP table (See abstract and See Fig 7 steps 701).

Therefore it would have been obvious to a person having ordinary skill in the art
at the time the invention was made to modify the method disclosed by Sharma to 
include determining whether a specified amount of time has passed since a time 
indicated by a timestamp associated with an entry in the ARP table; and if the specified 
amount of time has passed then removing the entry from the ARP table. 

This modification would have been obvious because a person having ordinary 
skill in the art would have been motivated to do so, as suggested by Massarani (See col
3 lines 16-19), in order to prevent unauthorized devices and users from obtaining network
services in a dynamic user address environment. 

25. Claims 14-22 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Massarani (hereinafter referred to as Massarani) US 6,393,484 B1 in view of Chien et
al. (hereinafter referred to as Chien) (US Pub No 20030115345).

26. As per claim 14: Massarani discloses the method of sending an instruction to 
update an Address Resolution Protocol (ARP) table in a system in which ARP table 
updates are restricted to updates originating from authorized subsystems, the method 
comprising: in response to receiving the message, determining whether the network 
layer address is bound with a data link layer address in the ARP table (See Fig 3 step 
310 and col 5 lines 31-54); and only (See Fig 3 step 310 and col 5 lines 31-54); and if 
the network layer address is not bound with a data link layer address, then sending an 
instruction to update an ARP table (See Fig 4 step 416 and col 5 lines 31-54).

Massarani does not explicitly teach receiving a request to update the ARP table
from a Dynamic Host Configuration Protocol (DHCP) in a DHCP message that indicates
a network layer address (See Fig 3 step 308 and col 5 lines 31-54).

However Chien teaches receiving a request to update the ARP table from a 
Dynamic Host Configuration Protocol (DHCP) in a DHCP message that indicates a 
network layer address (See paragraph 0063-0066). 

Therefore it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the method disclosed by Massarani to 
include receiving a request to update the ARP table from a Dynamic Host Configuration 
Protocol (DHCP) in a DHCP message that indicates a network layer address. 

This modification would have been obvious because a person having ordinary 
skill in the art would have been motivated to do so, as suggested by Massarani (See col
3 lines 16-19), in order to prevent unauthorized devices and users from obtaining network
services in a dynamic user address environment. 

27. As per claim 15: the combination of Massarani and Chien discloses the method
wherein the instruction is to update the ARP table to contain a binding between the
network layer address and data link layer address of a DHCP client that sent the
message (Massarani col 5 lines 31-54).

28. As per claim 16: the combination of Massarani and Chien discloses the method
comprising determining whether a lease associated with the network layer address has
expired (See Massarani col 7 lines 27-37); and if the lease has expired, then sending an
instruction to update the ARP table (See abstract).

29. As per claim 17: the combination of Massarani and Chien discloses the method
comprising determining whether a lease associated with the network layer address has
expired (See Massarani col 7 lines 27-37); and if the lease has expired, then sending an
instruction to remove, from the ARP table, an entry that contains the network layer
address (See Massarani col 7 lines 27-37).

30. As per claim 18: the combination of Massarani and Chien discloses the method
comprising receiving a particular DHCP message that requests an extension of a lease (See
abstract); and in response to receiving the particular DHCP message, sending an
instruction to update the ARP table (See Massarani abstract).

31. As per claim 19: the combination of Massarani and Chien discloses the method
comprising receiving a particular DHCP message that relinquishes a lease (See
abstract); and in response to receiving the particular DHCP message, sending an
instruction to update the ARP table (See Massarani abstract).

32. As per claim 20: the combination of Massarani and Chien discloses the method
comprising if the network layer address is not bound with a data link layer address, then
sending an instruction to start a process in connection with the network layer address
(See Massarani col 5 lines 25-54).

33. As per claim 21: the combination of Massarani and Chien discloses the method
comprising determining whether a lease associated with the network layer address has
expired (See Massarani Fig 6 step 603); and if the lease has expired, then sending an
instruction to stop a process in connection with the network layer address (See
Massarani Fig 6 step 603 and col 7 lines 9-23).

34. As per claim 22: the combination of Massarani and Chien discloses the method
comprising receiving a particular DHCP message that relinquishes a lease (See
Massarani Fig 6 step 601); and in response to receiving the particular DHCP
message, sending an instruction to stop a process in connection with the network
layer address (See Massarani Fig 7 step 704 and col 7 lines 9-23).

Conclusion 

35. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later
than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Fikremariam Yalew whose telephone number is 
5712723852. The examiner can normally be reached on 9-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Moazzami Nasser, can be reached on 5712738300. The fax phone number
for the organization where this application or proceeding is assigned is 571-272-4195. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 